One of General Petraeus’ trademarks, both as a military leader and during his relatively brief tenure as Director of the CIA, was his openness and accessibility for the press. As long as the boundaries of the email conversation were clearly defined in advance, he was known to spend many hours in email correspondence with members of the press. Once confirmed in the job of CIA Director, he was the first in that role to install an open internet connection in his office. This skill to communicate with those outside the military ‘bubble’ assisted his successful shaping of his positive public persona, and to a degree—either deliberately or otherwise—promote an image of a potential future President of the United States. So it’s ironic that a man so aware of the positive uses of the cyber domain appears to have been brought down in flames by that very medium.
As the drama of the Petraeus affair unfolds hour by hour, captivating political observers, some might not have noticed Google’s recent transparency report. Released this week, it displays an increasing number of government requests for the removal of online content and access to user details. The latest report demonstrates that up to the end of the first half of 2012 there were 20,938 inquiries from governments around the world. Those requests were for information about 34,614 user accounts.
These two stories are important and linked because they highlight the surveillance powers that governments now have at their disposal, and provide a lesson on how we should all be aware of our online activity. If a CIA Director can be caught out, what hope do the rest of us have?
The trail began when the FBI began examining a case of suspected cyber-stalking of Jill Kelley, one of the Florida socialite twins who have become embroiled in the heart of the affair. She had become alarmed by a number of emails sent from a Gmail account accusing her of flirtatious behaviour towards Petraeus, and her complaint led to agents working with federal prosecutors in a local United States attorney’s office trying to figure out whether the e-mails constituted a criminal offence. However, as the sender’s account (later revealed as former military intelligence officer and Petraeus Biographer Paula Broadwell) had been registered anonymously, forensic techniques, utilising metadata attached to the emails, were used to identify the point of origin of the emails. As the locations were the same as Broadwell’s whereabouts, the FBI obtained a warrant to monitor the Gmail account. It was through this investigation that they discovered emails of a sexually explicit nature which, with further probing, were found to have originated from another Gmail account that belonged to Petraeus.
Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the IP address(es) from which a consumer has logged. The current debate in Australia regarding the retention of data is still very much a ‘live issue’. The most contentious element of the Attorney General’s Discussion Paper Equipping Australia against emerging and evolving threats (PDF) being the section that relates to the suggestion that carriage service providers (CSPs) be required to routinely retain certain information associated with every Australian’s use of the internet and phone services for a period of up to two years. If enacted, this could provide law enforcement and intelligence agencies with an extremely useful tool for the tracking and capture of suspected paedophiles, terrorists, and serious organised criminals. But it also quite clearly raises questions about the wider public’s privacy. This debate will clearly, and rightly, continue before final decisions are made, but powers like this should not be implemented unless the correct balances and checks are in place to ensure that they are not misused.
The Google transparency report has great significance in this case. The stats for Australia show that the Australian government has made 2,028 user data requests between 2010 and 2012, of which 1,749 users or accounts were specified for identification. In total, Google complied with 58% of these requests, demonstrating how the government is interacting with the web-based entity, receiving user details and data if the case was deemed worthy by both sets of lawyers.
Petraeus was clearly undone by his lack of secrecy and perhaps a lack of awareness of the vulnerabilities of his electronic communications upon entering a more secretive and discreet position with the CIA. Many observers enjoyed his ability to communicate with a wide audience and provide insights into the inner mechanics of security professions which are far beyond the attainment of the majority. The modern voyeur within all of us is captivated by such insights. In many respects, he has become the victim of the times in which we live, whereby we live out our lives in a more open and connected manner, displaying details of our personalities and existence online for all to see. If there is a lesson from this, it is that even those details which you think you have sufficiently hidden online can come back to haunt you.
Tobias Feakin is a senior analyst at the Australian Strategic Policy Institute. Image courtesy of Flickr user US Army.